Create and manage API keys to enable secure programmatic access to your Devdraft account. Use these keys to integrate with external systems, automate workflows, and build custom applications.

What are API Keys?

API keys are secure credentials that allow external applications and services to access your Devdraft account programmatically. Each key consists of a public key identifier and a secret key that together authenticate API requests.
API Keys management dashboard showing created keys and controls - light modeAPI Keys management dashboard showing created keys and controls - dark mode

API Keys Management Dashboard

Quick Setup

Create your first API key in under 2 minutes:
1

Access API Keys

Navigate to App SettingsAPI Keys in your dashboard
2

Create New Key

Click Create API Key and provide a descriptive name
Create API Key interface with name and description fields - light modeCreate API Key interface with name and description fields - dark mode

Create API Key Interface

3

Set Permissions

Choose the access scopes and permissions for your key
4

Save Credentials

Copy and securely store your API key and secret

API Key Components

API Key (Public)

A public identifier that identifies your application to our servers

Secret Key (Private)

A private key used for authentication - keep this secure and never share publicly
Your secret key is only shown once during creation. Make sure to copy and store it securely before closing the creation dialog.

Creating API Keys

1

Start Key Creation

Navigate to App SettingsAPI Keys and locate the key creation area.
2

Configure Key Details

API Key Information:
  • Name: Descriptive name for identification
  • Description: Optional usage notes
  • Scope: Select appropriate access permissions
  • Expiration: Set key lifetime (optional)
3

Generate and Save

Click Generate API Key to create your credentials.
Copy both the API key and secret immediately - the secret is only shown once.

Managing Existing API Keys

API Key Overview:
  • Key name and creation date
  • Last used timestamp
  • Status (Active, Inactive, Expired)
  • Access scope and permissions
  • Usage statistics
Management Actions:
  • View key details
  • Copy API key
  • Regenerate secret (creates new key)
  • Deactivate or delete key
Quick Copy Functionality:
  • Click the copy icon next to any API key
  • Keys are masked for security (show first 8 and last 4 characters)
  • Full key is copied to clipboard
  • Success confirmation displayed
Only the public API key is visible. Secret keys cannot be retrieved after creation.
Security Management:
  • Immediately disable compromised keys
  • Revoked keys cannot be reactivated
  • All API calls using revoked keys will fail
  • Create new keys to replace revoked ones
1

Select Key to Revoke

Click the delete/revoke button next to the API key you want to disable.
2

Confirm Revocation

Confirm that you want to permanently revoke the key access.
3

Update Applications

Update any applications using the revoked key with new credentials.
Activity Tracking:
  • Last used timestamps
  • Request volume statistics
  • Error rate monitoring
  • Security event logging

Security Best Practices

Secure Storage

Store API keys in environment variables or secure configuration management systems

Least Privilege

Grant only the minimum permissions required for each key’s intended purpose

Regular Rotation

Rotate API keys periodically, especially for production applications

Monitor Usage

Regularly review API key activity and revoke unused or suspicious keys

API Key Security

1

Never Expose Keys Publicly

Keep Keys Private:
  • Never commit API keys to version control
  • Don’t include keys in client-side code
  • Avoid sharing keys in documentation or support tickets
  • Use environment variables for key storage
2

Implement Proper Access Controls

Scope Limitations:
  • Create separate keys for different applications
  • Use read-only keys when write access isn’t needed
  • Implement IP restrictions where possible
  • Monitor for unusual API activity
3

Respond to Security Incidents

Incident Response:
  • Immediately revoke compromised keys
  • Generate new credentials for affected applications
  • Review audit logs for unauthorized access
  • Update security procedures as needed

Integration Examples

curl -X GET "https://api.devdraft.ai/v1/transactions" \
  -H "Authorization: Bearer YOUR_API_KEY" \
  -H "X-Secret-Key: YOUR_SECRET_KEY" \
  -H "Content-Type: application/json"
API keys are tied to your specific application and business account. Each key provides access only to data and operations within your account scope.